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DETAILED ACTION 



1 . Claims 1-43 are pending. 

2. The 112 rejection of claim 10 is withdrawn as the amendment overcomes the 1 12 
rejection. 

3. Applicant's argument that the 101 rejection of claim 40 is improper because the 
claim recites "a program storage medium readable by a computer, tangibly embodying 
a program of instructions executable by the computer to perform method steps for 
providing intrusion detection" and hence embodies only a tangible embodiment is not 
persuasive. (Remarks, pg. 13) Independent claim 40 and dependent claim 41 also 
define "a program storage medium having computer readable program code tangibly 
embodied therein for intrusion detection ... wherein the medium comprises a data signal 
embodied in a ... carrier wave." [emphasis added] Hence, applicant claims a medium 
comprising a data signal embodied in a carrier wave as tangible. The Office does not 
recognize a signal embodied in a carrier wave is as a tangible embodiment. Hence, 
claims 40-43 remain rejected under 35 USC 101. 

4. The Declaration filed on 6/21/07 under 37 CFR 1.131 has been considered but is 
ineffective to overcome the Day reference. 37 CFR 1.131 requires all of the inventors of 
the subject matter claimed to make the declaration; or a declaration by less than all 
named inventors of an application is accepted where it is shown that less than all 
named inventors of an application invented the subject matter of the claim or claims 
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under rejection; or an affidavit or declaration by the assignee or other party in interest 
when it is not possible to produce an affidavit or declaration of the inventor. MPEP 
715.04. The submitted declaration is signed only by one of the two named inventors of 
the application; moreover, there is no assertion that the signor of the Declaration is the 
sole inventor of the subject matter of the claim or claims under rejection. 

5. It is further not clear if the Declaration under 37 CFR 1.131 establishes 
possession of the subject matter of all the rejected claims. The Declaration provides a 
sufficient showing that the inventor(s) conceived the invention claimed in the 
independent claims. (Declaration, pgs. 2-10 and exhibit A-H) However, the Declaration 
fails to establish possession for all the species enumerated in the dependent claims. 

6. For these reasons, the claims remain rejected under the prior art of record. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 40-43 are rejected under 35 U.S.C. 101 because Claims 40-43 are not 
limited to tangible embodiments. In view of applicant's disclosure, specification page 
15, paragraph 50, the medium is not limited to tangible embodiments, instead being 
defined as including both tangible embodiments (e.g., computer magnetic disk) and 
intangible embodiments (e.g., carrier wave). As such, the claim is not limited to 
statutory subject matter and is therefor non-statutory. 
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Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Vairavan US Patent Application Publication No. 20020083344 (hereinafter Vairavan) in 
view of Day USPN 7,017,186 (hereinafter Day). 

10. As per claims 1-3, Vairavan discloses a method of intrusion detection, 
comprising: 

a. receiving at a probe data packets communicating over a first network link; 
converting the received data packets into a format suitable for a second network 
link; wherein the first network link is a WAN link and the second network link is a 
LAN and data packets are communicated over a third network link; (paragraph 
0047: network device has an access interface that couples one or more WANs 
and one or more LANs) 

b. and monitoring, by the probe, the received packets to evaluate network 
performance, (paragraph 0090) 

1 1 . Vairavan does not disclose transmitting, by the probe, over a second network 
link, the packets to an intrusion detection system in communication with the second 
network link. Day discloses an intrusion detection system whereby a probe transmits 
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data packets over a second network link to an intrusion detection system in 
communication with the second network link. Col. 7:31-40. This setup has the 
advantage of maintaining a central intrusion detection system for a plurality of network 
links. Day, col. 7:45-58. Therefore, it would be obvious to one of ordinary skill in the art 
at the time the invention was made for the method of Vairavan to transmit, by the probe 
over a second network link, the packets to an intrusion detection system in 
communication with the second network link. One would be motivated to do so to 
accrue the benefits of a centralized intrusion detection system as taught by Day. The 
aforementioned cover the limitations of claims 1-3. 

12. As per claim 4, the rejections of claims 1-3 as being unpatentable over Vairavan 
in view of Day are incorporated herein. In addition, Vairavan further discloses the step 
of aggregating the data packets received over the first network and the data packets 
received over the third network, (fig. 1, ports 115(a-g) and interface 120, 125 and 130) 

1 3. As per claims 5-7, the rejections of claims 1-3 as being unpatentable over 
Vairavan in view of Day are incorporated herein. In addition, Vairavan further discloses 
the first network link operates using at least one of HSSI protocol, T1 protocol, E1 
protocol, ATM protocol, Packet-Over Sonet/SDH protocol, Frame-DS3 protocol, 1G 
Ethernet protocol, and 10G Ethernet protocol; wherein the first network link comprises a 
protocol that encapsulates data traffic; wherein the protocol comprises at least one of 
MPLS protocol, GMPLS protocol, VLAN (802. 1q) protocol, HSSI protocol, T1 protocol, 
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E1 protocol, ATM protocol, Packet-Over Sonet/SDH protocol, Frame-DS3 protocol, 1G 
Ethernet protocol, and 10G Ethernet protocol, (paragraph 0047) 

14. As per claims 8-10, the rejections of claims 1-3 as being unpatentable over 
Vairavan in view of Day are incorporated herein. In addition, Day further discloses the 
step of maintaining, by the probe, an audit trail buffer for forensic analysis; wherein the 
audit trail buffer comprises a memory for recording monitored packets; wherein the 
memory records packets from at least one of the first network link and the third network 
link. (col. 7:36-40) 

1 5. As per claim 1 1 , the rejections of claims 8-1 0 as being unpatentable over 
Vairavan in view of Day are incorporated herein. In addition, Day further discloses the 
step of receiving, by the probe, an event notification, communicating, by the probe, the 
current contents of the audit trail buffer, (col. 7:55-65) 

16. As per claims 12 and 13, the rejections of claims 8-10 as being unpatentable 
over Vairavan in view of Day are incorporated herein. In addition, Vairavan further 
discloses the converting step comprises: storing received packets in a collection buffer; 
stripping header information associated with a protocol of the first network link; and 
adding header information associated with a protocol of the second network link; 
wherein the step of storing comprises storing packets received from at least one of the 
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first network and the third network link. (Fig. 1: inherent in a protocol conversion from 
WAN to LAN) 

17. As per claim 14, the rejections of claims 12 and 13 as being unpatentable over 
Vairavan in view of Day are incorporated herein. In addition, the stripping step further 
comprising stripping header and checksum information associated with a protocol of the 
first network link and the adding step further comprising adding header and checksum 
information associated with a protocol of the second network link; wherein the step of 
storing comprises storing packets received from at least one of the first network link and 
a third network link are obvious enhancements because different communication 
protocols utilized different checksum values. 

18. As per claim 15, the rejections of claims 12 and 13 as being unpatentable over 
Vairavan in view of Day are incorporated herein. In addition, the step of stripping 
comprising stripping at least one of a Layer 2 MAC header, an Ethernet source address, 
and an Ethernet destination address is an obvious enhancement because Ethernet is 
conventionally utilized in LAN technology. 

19. As per claim 16, the rejections of claims 1-3 as being unpatentable over Vairavan 
in view of Day are incorporated herein. In addition, Vairavan discloses the method 
comprises, prior to transmitting over the second network link, filtering a subset of the 
received packets, (fig. 6A, reference nos. 630-645) 
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20. As per claims 17 and 18, the rejection of claim 16 as being unpatentable over 
Vairavan in view of Day is incorporated herein. In addition, it would be obvious for the 
first network link to comprise an ATM protocol because ATM switching technology is 
conventionally implemented in WAN networks. Moreover, Day discloses extracting 
exclusively or inclusively according to pre-configured filter rules and filtering network 
packets into their constituent components. Col. 8:10:12 and lines 26-38. Hence, it 
would be obvious to one of ordinary skill in the art at the time the invention was made 
for the filtering step to comprising filtering packets comprising at least one of 
management control data such as F4 OAM, F5 OAM, Flow Control, a UNI 3.x frame, a 
UNI 4.0 frame, a PNNI vl.x frames, and an encapsulation-specific control frame. One 
would be motivated to do so to selectively deconstruct the network packets for efficient 
storage and retrieval means to detect anomalous network behavior. Day, ibid. The 
aforementioned cover the limitations of claims 17 and 18. 

21 . As per claim 19, the rejection of claim 16 as being unpatentable over Vairavan in 
view of Day is incorporated herein. In addition, it would be obvious for the filtering to 
comprising filtering voice-over IP because Day disclose extracting exclusively or 
inclusively according to pre-configured filter rules and filtering network packets into their 
constituent components. Col. 8:10-12 and lines 26-38. 
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22. As per claim 20, the rejections of claims 16 as being unpatentable over Vairavan 
in view of Day are incorporated herein. In addition, Vairavan discloses the filtering 
further comprises filtering based on predetermined criteria and user-defined criteria, (fig. 
6A, reference nos. 630-645) 

23. As per claims 21-39, the rejections of claims 1-19 as being unpatentable over 
Vairavan in view of Day are incorporated herein. In addition, Vairavan and Day 
discloses the first network link comprises a protocol that encapsulates data traffic (WAN 
link); wherein at least one of the monitored data packets and the converted packets are 
directed to permanent storage media for 24x7 Network Surveillance and correlation 
purposes (Day, fig. 1, reference no. 100); wherein at least one of the directed monitored 
data packets and the directed converted packets are read by a software application. 
(Day, fig. 1, reference no. 200). The aforementioned cover the limitations of claims 21- 
39. 

24. As per claims 40-43, they are claims corresponding to claims 1-39, and they do 
not teach or define above the information claimed in claims 1-39. Therefore, claims 40- 
43 are rejected as being unpatentable over Vairavan in view of Day for the same 
reasons set forth in the rejections of claims 1-39. 



Conclusion 
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25. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Communications Inquiry 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





Jung Kim 



GILBERTO BARRON 30- 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



AU2132 



